Compliance Poll Analysis Results

Thursday, September 30, 2010

Anton Chuvakin


A while ago, I did this quick poll on regulatory compliance – and here is the result analysis.
 
The “winners” are:

  1. “No brainer” winner: PCI DSS with 59% – it is indeed ‘forevah’
  2. ISO 2700x is a surprising silver medalist with 36% (more than half of PCI?)
  3. ITIL holds an even-more-surprising 3rd spot with 19% – again nearly 1/2 of ISO
  4. A bunch of supposedly “cool” regs share the #4 spot with 12%–15%: FISMA, HIPAA, SOX
  5. …and the same percentage (15%) is held by “I don’t care about that compliance sh*t”

See the Poll Breakdown HERE.

Notable write-ins were:

  • NIST (in general, I guess beyond just FISMA)
  • Red Flag (financial)
  • CFATS (?)
  • PHIPA, MFIPPA  (?)
  • EU Data Privacy laws

What does it tell us? What can we hypothesize based on our totally unscientific compliance poll?
  • All this talk about PCI DSS impacting security at large is very real – now and likely in the near future. I might argue with Josh about whether the impact is positive or negative – but it is HUGE. It definitely goes way beyond retail and e-commerce.
  • ISO27001 came back to life somehow. That’s probably a good thing….
  • Not sure what the lesson from ITIL being #3 is – is it that folks from the UK read my blog? :-)
  • Finally, I think the people who don’t care about compliance split into two opposite camps: people who don’t EVEN CARE ABOUT COMPLIANCE (much less security) and people who care about security and operational excellence, which gives them compliance [not for free, mind you!]. So that “don’t care” slice covers both of these camps.

Any other thoughts?

Cross-posted from Security Warrior
